We are using the Hosted CIM for taking payments on our website. Since we are never touching, seeing or storing any payment information, we are filling in the SAQ A.
The only piece which I am unable to fill in is section 2d: where it asks for "Does the organization use one or more payment applications?". If so, you need to fill in "payment application name", "version number", "pa-dss listed?" and "pa-dss listing expiry".
Could anyone tell me if Authorize.net CIM is a "payment application". I have already added Authorize.net in section 2f which ask for "3rd party service providers".
Here is the SAQ A in reference: https://www.pcisecuritystandards.org/documents/SAQ_A_v3.pdf
Thanks!
